US-10766439

Context-aware firewall for in-vehicle cyber security

Published: September 8, 2020
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

A module for providing security to a vehicle's in-vehicle communication network that is responsive to an operational state of the vehicle.

Patent Claims
13 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A module for providing security to a vehicle comprising an in-vehicle communication network having a bus and at least one node connected to the bus, the module comprising: a memory having software comprising data characterizing messages that the at least one node transmits and receives via the bus during normal operation of the node; a communication port via which the module receives and transmits messages, the port being configured to be connected to a portion of the in-vehicle network; and a processor that processes, responsive to the software in the memory, messages received via the port from the portion of the in-vehicle network to: 1) accumulate data from the messages received via the port, the data being useable to determine an operating context of the vehicle; 2) determine a vehicle context based on the accumulated data, the vehicle context comprising an operating state of the vehicle that is common to each of a plurality of vehicles substantially at a same time; 3) based on the determined vehicle context determine if a received message is anomalous; and 4) if the received message is determined to be anomalous operate to log data relevant to the message into a memory and/or prevent the message from affecting a node of the at least one node.

2. The module according to claim 1 wherein the accumulated data comprises at least one or any combination of more than one of vehicle speed, acceleration, closing speed to a leading or trailing vehicle, engine rpm, engine temperature, oil pressure, hydraulic pressure, wheel traction, road condition, vehicle location, and/or weather condition.

3. The module according to claim 1 wherein the context comprises a state of the vehicle's in-vehicle communication system based on the accumulated data.

4. The module according to claim 3 wherein the accumulated data comprises at least one or any combination of more than one of baud rate, types of messages transmitted over the network, contents of a communication session, which nodes in in-vehicle communication network are actively communicating over the network, and/or if the in-vehicle network is compromised by a cyberattack.

5. The module according to claim 1 wherein the common operating state is based on at least one or any combination of more than one of a common cyberattack, and/or a same probability of failure of a vehicle control system.

6. The module according to claim 1 wherein the vehicle context is represented by a feature vector.

7. The module according to claim 6 wherein components of the feature vector comprises values of a message frequency histogram that provides a relative frequency of transmission over the in-vehicle network for each of a plurality of different messages.

8. The module according to claim 1 wherein the processor is configured to determine the context in real time substantially at a time that the message is received.

9. The module according to claim 1 wherein the module is a rule based module that operates in accordance with a set of rules to identify and classify messages transmitted over the in-vehicle network and to determine an action to undertake with respect to an identified message.

10. The module according to claim 9 wherein the processor is operable to configure the rules based on context.

11. The module according to claim 1 wherein the in-vehicle network is a CAN in-vehicle network and the received messages are control area network (CAN) messages comprising an arbitration ID, a data portion, and a cyclic redundancy check (CRC) code.

12. The module according to claim 1 wherein the module is a hardware module comprising a physical port configured to be connected to the portion of the in-vehicle network.

13. The module according to claim 1 wherein the module is a software module that may be integrated with software of the at least one node of the in-vehicle network.
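One way the context-dependent check described in claims 1, 6, 7, 9 and 10 could look for CAN frames, as an added example that is not code from the patent or its assignee. The arbitration IDs, the two contexts, the baselines, the thresholds and the sample frames are all constructed assumptions.

```python
from collections import Counter, deque

# Constructed assumptions: the IDs, contexts, baselines and thresholds below
# are illustrative and do not come from the patent.
SPEED_ID, DIAG_ID = 0x100, 0x7DF
TRACKED_IDS = (0x100, 0x200, 0x7DF)
RULES = {  # per-context rule set: allowed IDs and expected ID histogram
    "PARKED":  {"allowed": {0x100, 0x200, 0x7DF}, "baseline": (0.5, 0.5, 0.0), "max_l1": 1.0},
    "DRIVING": {"allowed": {0x100, 0x200}, "baseline": (0.5, 0.5, 0.0), "max_l1": 0.4},
}
# Constructed sample: a diagnostic request while parked, then again at 60 km/h.
SAMPLE_FRAMES = [(0x100, b"\x00"), (0x200, b"\x01"), (DIAG_ID, b"\x02\x01\x0c"),
                 (0x100, b"\x3c"), (0x200, b"\x01"), (DIAG_ID, b"\x02\x01\x0c")]

class ContextFirewall:
    def __init__(self, window=20):
        self.recent = deque(maxlen=window)  # sliding window of arbitration IDs
        self.speed_kph = 0
        self.log = []

    def feature_vector(self):
        """Relative transmission frequency of each tracked ID in the window."""
        counts, n = Counter(self.recent), max(len(self.recent), 1)
        return tuple(counts[i] / n for i in TRACKED_IDS)

    def context(self):
        return "DRIVING" if self.speed_kph > 5 else "PARKED"

    def process(self, arb_id, data):
        """Return True to forward the frame, False to block and log it."""
        if arb_id == SPEED_ID and data:
            self.speed_kph = data[0]        # accumulate context data
        self.recent.append(arb_id)
        ctx = self.context()                # determine context
        rule = RULES[ctx]                   # rules selected by context
        l1 = sum(abs(a - b) for a, b in zip(self.feature_vector(), rule["baseline"]))
        reason = None
        if arb_id not in rule["allowed"]:
            reason = "id not allowed in context"
        elif len(self.recent) == self.recent.maxlen and l1 > rule["max_l1"]:
            reason = "histogram deviates from baseline"
        if reason:
            self.log.append((ctx, hex(arb_id), reason))
            return False
        return True

def replay(frames, window=20):
    fw = ContextFirewall(window)
    return [fw.process(i, d) for i, d in frames], fw.log
```

The histogram rule only fires once the window is full, so a short window flags a burst of one ID sooner at the cost of more false positives on normal traffic.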

Patent Metadata

Filing Date: August 8, 2017

Publication Date: September 8, 2020

Cite as: Patentable. “Context-aware firewall for in-vehicle cyber security” (US-10766439). https://patentable.app/patents/US-10766439